It's time to reconsider your strategy if you still treat cyber risk as an annual project or initiative. Having a thorough ongoing program in place means that even in the worst-case scenario, you'll be ready to demonstrate that you did what was reasonable and appropriate to protect your systems and patient data. Nothing can guarantee that a cyberattack won't become a breach. Health Centers are a domain with a high potential for data breaches. As a result, it is crucial for health center leadership to adopt breach prevention strategies across their entire organization, as opposed to relegating it to the IT department. This learning collaborative will address health center breach mitigation tactics, operationalizing cybersecurity to better mitigate risks, telehealth risk management strategies, and incident response planning from a cybersecurity perspective.

This series will equip health centers and their staff to:  

1. Describe resources, frameworks, and methods for strategic implementation of cybersecurity infrastructure and services
2. Describe essential cybersecurity tools and services that can help decrease the risk of a data breach
3. Use best practices in cybersecurity when implementing modern telehealth tools and RPM initiatives
4. Adopt cybersecurity risk management paradigms and incident response planning templates.

This learning collaborative will provide participating health centers a series of four structured virtual learning sessions where they will engage with facilitators, subject matter experts and their colleagues in peer-to-peer learning and discussion.

Since 2010, the healthcare industry has seen a remarkable increase in the use of technology in the administration and delivery in healthcare. This has led to a mass migration of data from paper charts and isolated systems to Electronic Medical Records (EMRs) and interconnected systems that transmit patient health and financial information across trusted and untrusted networks. While this has been a boon for the industry in its ability to provide timely information to those who need it the most, this transition has introduced a great deal of risk to the confidentiality and integrity of the information. Coupled with the fact that the information can be quickly monetized by criminals through insurance fraud and identity theft, the ecosystem is target-rich.

Healthcare providers have become a lucrative target for cyber criminals and many reported breaches are occuring at health centers. Since 2009, when the Department of Health and Human Services started tracking breaches that involved protected health information exposure of 500 patients or more, upwards of 1700 cases have been reported. These breach incidences are highlighted on the U.S. Department of Health and Human Services, Office for Civil Rights Breach Portal.

Many times when we think of mobile health it is in the terms of patient engagement and communication, but it is important for Health Centers to also be familiar with privacy and security concerns as it relates to mobile devices used by providers and staff.

The National Cybersecurity Center of Excellence (NCCOE) has recently provided two new resources that cover movile device security and a catalogue of currently known threats. Both items are available for download from the NCCOE website.